10890 matches found
USN-5757-1: Linux kernel vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...
USN-5756-1: Linux kernel vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...
USN-5704-1: DBus vulnerabilities
It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. CVE-2022-42010 It was discovered that DBus was incorrectly validating the length of arrays of fixed-lengt...
USN-5692-1: Linux kernel vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5626-2: Bind vulnerabilities
USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker...
USN-5603-1: Linux kernel (Raspberry Pi) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5516-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution...
USN-5501-1: Django vulnerability
It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...
USN-5453-1: FreeType vulnerability
It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to cause a denial of service...
USN-5452-1: NTFS-3G vulnerability
It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use this issue to cause a denial of service or to execute arbitrary code...
USN-5432-2: libpng vulnerabilities
USN-5432-1 fixed vulnerabilities in libpng. This update provides the corresponding updates for libpng1.6. Original advisory details: It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted...
USN-4961-2: pip vulnerability
USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use...
USN-5428-1: libXrandr vulnerabilities
Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2016-7947, CVE-2016-7948...
USN-5151-1: Mailman vulnerabilities
It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...
USN-4665-2: curl vulnerabilities
USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to tric...
USN-4656-2: X.Org X Server vulnerabilities
USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to...
USN-4656-1: X.Org X Server vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges...
USN-4624-1: libexif vulnerability
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code...
USN-4399-1: Bind vulnerabilities
It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2020-8618 It was discovered that Bind incorrectly handled certain asterisk characters in zone files....
USN-4396-1: libexif vulnerabilities
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2020-0093, CVE-2020-0182 It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote...
USN-4386-1: libjpeg-turbo vulnerability
It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information...
USN-4347-1: WebKitGTK vulnerability
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4278-3: Firefox regressions
USN-4278-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted...
USN-4150-1: Thunderbird vulnerabilities
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain...
USN-4087-1: BWA vulnerability
It was discovered that Burrows-Wheeler Aligner BWA mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code...
USN-3961-1: Dovecot vulnerabilities
It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service...
USN-3658-3: procps-ng vulnerabilities
USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibl...
USN-3743-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3630-2: Linux kernel (HWE) vulnerability
USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did...
USN-3595-1: Samba vulnerabilities
Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. CVE-2018-1057 It was discovered that...
USN-3563-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...
USN-3562-1: MiniUPnP vulnerabilities
It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library...
USN-3505-1: Linux firmware vulnerabilities
Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13080, CVE-2017-13081...
USN-3471-1: Quagga vulnerabilities
Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. CVE-2017-16227 Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. A...
USN-3426-1: Samba vulnerabilities
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a machine-in-the-middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote...
USN-3423-1: Linux kernel vulnerability
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash...
USN-3391-3: Firefox regression
USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...
USN-3389-2: GD vulnerability
USN-3389-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: A vulnerability was discovered in GD Graphics Library aka libgd, as used in PHP that does not zero colorMap arrays before use. A specially crafte...
USN-3334-1: Linux kernel (Xenial HWE) vulnerability
USN-3328-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not...
USN-3250-1: Linux kernel vulnerability
It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service system crash or execute arbitrary code with administrative privileges...
USN-3229-1: Python Imaging Library vulnerabilities
It was discovered that the Python Imaging Library incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause the Python Imaging Library to crash, resulting in a denial of service. CVE-2014-9601 Cris Neckar discovered that the Python...
USN-3160-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added...
USN-3144-1: Linux kernel vulnerability
Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service system crash or possibly gain privileges...
USN-3085-1: GDK-PixBuf vulnerabilities
It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash,...
USN-3084-1: Linux kernel vulnerabilities
Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. CVE-2016-6136 It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did...
USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities
USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kerne...
USN-2950-1: Samba vulnerabilities
Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. CVE-2015-5370 Stefan...
USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8812 Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...
USN-2937-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-2852-1: Linux kernel (Raspberry Pi 2) vulnerability
Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace...